Gossamer Forum
Home : General : Databases and SQL :

Inserting ' and " charachters.

Quote Reply
Inserting ' and " charachters.
Hi, I am new here, I am trying to insert a comment about a particular item, and the description, if it contains an apostorphe ' or quotes " it plays hanky panky with the insert statement, how can I have my insert statement insert ALL of the charachters, including apostorphies, etc...

here's the code in question, and i get an error when i try to insert anything with an apostrophe.

sql = "INSERT into project_tbl (project_name, description, creation_date) VALUES ('" & projectname & "','" & projectdescription & "','" & createdate & "')"

In this example I have the database trying to insert when "projectdescription = description's" . But if I enter descriptions without the apostrophe, it works...is there some sort of tag, or delimiting mark I can put on the statment telling it to accept all values verbatum, and not try to parse them? Thank you!

Last edited by:

MrFerrari: Oct 23, 2002, 1:33 PM
Quote Reply
Re: [MrFerrari] Inserting ' and " charachters. In reply to
Well, I found the answer! well, an answer. Using VBscript, replace all single apostrophe's with a double apostrophe. As SQL interprets a double apostrophe " '' " as a single one.

I implimented this code

projectname = request.form("newname")
projectname = replace (projectname, "'","''")
projectdescription = request.form("newdesc")
projectdescription = replace (projectdescription, "'","''")

For the two fields which could contain an apostrophe, it works great!
Quote Reply
Re: [MrFerrari] Inserting ' and " charachters. In reply to
All what you need - its escaping all extra characters.

You can do this by use PHP function mysql_real_escape_string

$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);

Andrew A.Romanchenko
Programmer of Rapid Internet Development Department
Alar Information Technologies, www.alarit.com

Quote Reply
Re: [Define] Inserting ' and " charachters. In reply to
or in Perl by calling the DBI escape() sub, or by using placeholders in the query & then supplying a list of values in the execute() call.

Limecat is not pleased.
Quote Reply
Re: [fuzzy thoughts] Inserting ' and " charachters. In reply to
try this one it is work for me

$yourdata =~ s/\'/\'\'/g;
Quote Reply
Re: [courierb] Inserting ' and " charachters. In reply to
You should use $dbi->escape as fuzzy thoughts mentioned, that's what it is there for :)

Last edited by:

Paul: Nov 28, 2002, 2:34 AM